A proof of concept that enables a better of understanding of more popular tools and how they work to find open shares on a target host.
One of the things I am consistently learning while embarking on this career pivot to cybersecurity is how much of a leg up building your own tools, blogging, and networking can get you when trying to enter the field with no prior (cybersecurity) experience.
I have software development experience which makes building my own tooling super fun for me. I’ve already built a DDoS Script and an DNS Enumeration tool, but those are no where near the projects I want to build and showcase.
Simple proof of concept script to demonstrate ddos with Python
A simple dns enumeration tool for pentesting recon
The DDoS script was the most challenging and most rewarding of the two because of how much I struggled to build it, to get my head around Python, a language I hadn’t used in 9 years. The DNS enumeration tool was built as part of a YouTube video I watched from a guy that works at TryHackMe now and I put little though into it.
Now, I feel I am ready to build my own tools. I’ve written some thorough notes about the design of this tool, but here are the basics:
- What should the script do?
- What does it accomplish that
nmapandrustcando not? - How will you utilize the goals of other, more established scripts to build your own?
The script should only do four things #
- List server shares
- Find null authentication
- Enumerate shares
- List permissions on each shared directory
That seems like a fair amount of tasks for the script to accomplish for now.
Building #
I’ve started building it already. You can find it on my GitHub account.